Stay on target

Since Amazon began waltzing into strangers’ homes to drop off packages, the company’s Key delivery service has run fairly smoothly.

But customers’ initial fears of exploitation are materializing with a new hack that makes it easy to break Amazon Key using a Raspberry Pi.

A researcher, known only as MG, claims to have found a way to bypass the built-in security and walk right through the front door.

“I call this the ‘Break & Enter dropbox’ and it pairs well with my Amazon Key,” he tweeted on Sunday. “Amazon downplayed the last attack on this product because it needed an evil delivery driver to execute. This doesn’t.”

I call this the "Break & Enter dropbox" and it pairs well with my Amazon Key (smartlock & smartcam combo).

It's all current software. Amazon downplayed the last attack on this product because it needed an evil delivery driver to execute. This doesn't. pic.twitter.com/35krz46Kab

An accompanying video shows MG as a mock criminal-cum-delivery driver planting a Pi computer inside a porch light. A faux courier then unlocks the door, deposits the parcel, relocks the house, and leaves.

Except, the door isn’t bolted; the sound of the latch is a fake audio file, according toForbes. Once the hacker returns, he strolls in without a problem.

“To preemptively answer the obvious question of ‘how?,’ I’m withholding details until Amazon has a chance to fix this,” MG said over the weekend.

The tech titan, meanwhile, is sticking to its story that consumers have nothing to worry about.

Amazon on Tuesday told Forbes that the app tested by MG is not the same as the one used by drivers, which ensures the door is only open for a brief period, communication to the camera and lock remains uninterrupted, and the door is securely relocked.

“The driver does not leave without physically checking that the door is locked,” a company spokeswoman said. “Safety and security is built into every aspect of the service.”

Still, Amazon plans to deliver a technical fix by the end of the week—a precaution, if you will. Not because it’s necessary, but because it will offer peace of mind.

This is not the first time Amazon has been forced to update Key to address potential flaws: As Forbes pointed out, it issued patches last year, after Rhino Security Labs managed to flood the Wi-Fi with traffic, making it impossible to lock the door.

Still not comfortable with the idea of letting a delivery person into your house while you’re not home? You could always have Amazon put your parcels in your trunk instead.